027b8d244c
Adding docker apt gpg key requires gpupg to be installed. Task will fail on minimal Debian 10 install as gnupg absent. Change-Id: I979f88162ad8a206e413b37ac7fb09bcc912e016
152 lines
4.9 KiB
YAML
152 lines
4.9 KiB
YAML
---
|
|
- name: Ensure localhost in /etc/hosts
|
|
lineinfile:
|
|
dest: /etc/hosts
|
|
regexp: "^127.0.0.1.*"
|
|
line: "127.0.0.1 localhost"
|
|
state: present
|
|
become: True
|
|
when: customize_etc_hosts | bool
|
|
|
|
# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local
|
|
# hostname and fqdn point to 127.0.1.1. This can break
|
|
# RabbitMQ, which expects the hostname to resolve to the API network address.
|
|
# Remove the troublesome entry.
|
|
# see https://bugs.launchpad.net/kolla-ansible/+bug/1837699
|
|
# and https://bugs.launchpad.net/kolla-ansible/+bug/1862739
|
|
- name: Ensure hostname does not point to 127.0.1.1 in /etc/hosts
|
|
lineinfile:
|
|
dest: /etc/hosts
|
|
regexp: "^127.0.1.1\\b.*\\s{{ ansible_hostname }}\\b"
|
|
state: absent
|
|
become: True
|
|
when: customize_etc_hosts | bool
|
|
|
|
- name: Generate /etc/hosts for all of the nodes
|
|
blockinfile:
|
|
dest: /etc/hosts
|
|
marker: "# {mark} ANSIBLE GENERATED HOSTS"
|
|
block: |
|
|
{% for host in groups['baremetal'] %}
|
|
{% set api_interface = hostvars[host]['api_interface'] %}
|
|
{% if host not in groups['bifrost'] or 'ansible_' + api_interface in hostvars[host] %}
|
|
{% set hostnames = [hostvars[host]['ansible_nodename'], hostvars[host]['ansible_hostname']] %}
|
|
{{ 'api' | kolla_address(host) }} {{ hostnames | unique | join(' ') }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
become: True
|
|
when:
|
|
- customize_etc_hosts | bool
|
|
# Skip hosts in the bifrost group that do not have a valid api_interface.
|
|
- inventory_hostname not in groups['bifrost'] or
|
|
'ansible_' + hostvars[inventory_hostname]['api_interface'] in hostvars[inventory_hostname]
|
|
|
|
# NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts
|
|
# configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at
|
|
# every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init
|
|
# has been installed, and then set manage_etc_hosts to false.
|
|
- name: Check whether cloud-init has been installed, and ensure manage_etc_hosts is disabled
|
|
block:
|
|
- name: Ensure /etc/cloud/cloud.cfg exists
|
|
stat:
|
|
path: /etc/cloud/cloud.cfg
|
|
register: cloud_init
|
|
|
|
- name: Disable cloud-init manage_etc_hosts
|
|
copy:
|
|
content: "manage_etc_hosts: false"
|
|
dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg
|
|
mode: "0660"
|
|
when: cloud_init.stat.exists
|
|
become: True
|
|
when: customize_etc_hosts | bool
|
|
|
|
- name: Ensure sudo group is present
|
|
group:
|
|
name: sudo
|
|
state: present
|
|
become: True
|
|
|
|
- name: Ensure kolla group is present
|
|
group:
|
|
name: "{{ kolla_group }}"
|
|
state: present
|
|
become: True
|
|
when: create_kolla_user | bool
|
|
|
|
- block:
|
|
- block:
|
|
- name: Install apt packages
|
|
apt:
|
|
update_cache: yes
|
|
become: True
|
|
|
|
- name: Install CA certificates and gnupg packages
|
|
package:
|
|
name: "{{ item }}"
|
|
state: latest
|
|
become: True
|
|
with_items:
|
|
- ca-certificates
|
|
- apt-transport-https
|
|
- gnupg
|
|
|
|
- name: Ensure apt sources list directory exists
|
|
file:
|
|
path: /etc/apt/sources.list.d
|
|
state: directory
|
|
recurse: yes
|
|
become: True
|
|
|
|
- name: Install docker apt gpg key
|
|
apt_key:
|
|
url: "{{ docker_apt_url }}/{{ docker_apt_key_file }}"
|
|
id: "{{ docker_apt_key_id }}"
|
|
state: present
|
|
become: True
|
|
|
|
- name: Enable docker apt repository
|
|
apt_repository:
|
|
repo: "{{ docker_apt_repo }}"
|
|
filename: docker
|
|
become: True
|
|
when: ansible_os_family == 'Debian'
|
|
|
|
- block:
|
|
- name: Ensure yum repos directory exists
|
|
file:
|
|
path: /etc/yum.repos.d/
|
|
state: directory
|
|
recurse: yes
|
|
become: True
|
|
|
|
- name: Enable docker yum repository
|
|
yum_repository:
|
|
name: docker
|
|
description: Docker main Repository
|
|
baseurl: "{{ docker_yum_baseurl }}"
|
|
gpgcheck: "{{ docker_yum_gpgcheck | bool }}"
|
|
gpgkey: "{{ docker_yum_gpgkey }}"
|
|
become: True
|
|
|
|
# NOTE(yoctozepto): above cannot set this but we require it
|
|
# to install containerd.io due to runc being a modular package
|
|
# in CentOS 8
|
|
# see: https://bugzilla.redhat.com/show_bug.cgi?id=1734081
|
|
- name: Ensure module_hotfixes enabled for docker
|
|
lineinfile:
|
|
dest: /etc/yum.repos.d/docker.repo
|
|
regexp: "^module_hotfixes"
|
|
line: "module_hotfixes = True"
|
|
state: present
|
|
become: True
|
|
|
|
- name: Install docker rpm gpg key
|
|
rpm_key:
|
|
state: present
|
|
key: "{{ docker_yum_url }}/gpg"
|
|
become: True
|
|
when: docker_yum_gpgcheck | bool
|
|
when: ansible_os_family == 'RedHat'
|
|
when: enable_docker_repo | bool
|